Tim Hortons, a chain three times bigger than McDonald’s, spied on customers. Here’s what businesses can learn from it

Canada’s largest fast-food chain, Tim Hortons, has been caught tracking the movements of 10 million customers and recording when they visit rival coffee shops, raising serious questions about how apps store data when consumers opt in via lengthy and confusing terms and conditions.

Canuck customers were encouraged to download the app when it launched in 2017, which allowed them to conduct payments, amass loyalty points and place orders at the beloved coffee and doughnut shop.

In the first three years, the Tim Hortons app was downloaded some 10 million times in a Canadian population of 38 million people. The uptake reflects the chain’s saturation in the Canadian market — there are 4300 Tim Hortons, which is more than three times the number of McDonald’s in Canada.

Tim Hortons has been foreign-owned since 2014, but still holds strong public favour, perhaps in large part because of its eponymous founder, a famous hockey player who met a fiery end in 1974 when he crashed his car while intoxicated.

But last week a damning report threw ice water over that goodwill. Canada’s federal privacy commissioner and three of his provincial counterparts found Tim Hortons blatantly disregarded privacy laws to spy on Canadians in a “mass invasion of Canadians’ privacy”.

“As a society, we would not accept it if the government wanted to track our movements every few minutes of every day,” the federal privacy commissioner Daniel Therrien said in a news conference.

“It is equally unacceptable that private companies think so little of our privacy and freedom that they can initiate these activities without giving it more than a moment’s thought.”

Jason Pallet, a senior lecturer at Swinburne University of Technology, says brands often fall into this trap. They intend to walk the fine line between collecting data and providing a tailored experience, but fail to communicate to the customer what they are doing and why.

Pallet, who is the co-director of the Customer Experience and Insight Research Group, called it the personalisation privacy paradox.

“Consumers want personalisation. They want brands to know about them and to give them more relevant offers, products and recommendations — but they also want to protect their privacy,” Pallet said.

Just look at Spotify’s weekly Discover playlists that are generated based on listening habits, he said, or Netflix, which recommends shows based on your viewing history.

But without this transparent benefit, Pallet continued, “brands end up doing something that’s technical legal — and even that consumers have technically agreed to via the terms and conditions — but it’s something consumers are not consciously aware is happening”.

In this case, Pallet said, “consumers would be left wondering why Tim Hortons wanted to track their location”, which has likely done big damage to the trust in the revered Canadian brand.

But it wasn’t always so. Things only took a dark turn when a new feature was quietly introduced using a geolocation software company called Radar. It turned on the GPS systems in customers’ phones using a corporate snooping mechanism.

It wasn’t unusual on the face of it. Many apps ask to use your location to show you nearby vendors on a map, for instance, or to set your local store if it’s a company with multiple shopfronts, like Bunnings.

But the Tim Hortons app tracked customers anywhere in the world, and at all times of the day and night. It located them geographically, but also recorded what home, factory or office they were in.

According to the privacy commissioner’s report, the app also recorded whether a customer went to a rival coffee shop.

Crucially, it did so without customer approval. Users were told they would only be geographically tracked while using the app, and the original intention was for Tim Hortons to target people with promotions if they were near one of the thousands of stores.

Management dropped the plan to target customers this way, but did use the data, in an aggregated form, to analyse customer behaviour about where and when Canadians were getting their coffees.

“It’s hard to justify how that benefits the consumer,” Pallet said.

Yet transparency about how and why a brand is using data is actually a win-win for everyone involved, he continued.

“Our message to brands is there’s a big benefit to making it more transparent.

“Consumers that feel like their data collection is transparent, where they actually know how their data is used and how it’s leading to benefits, are actually more likely to opt in and share personal information which is a great thing for brands.”

So what does this transparency look like? Copy on the website detailing the benefits of a consumer sharing their email address is good, but a pop-up in the brand’s app that beats the Apple smartphone prompt alerting them about sharing their location is better.

“Rather than hiding it in the terms and conditions, there’s an opportunity for brands to make it very clear. For instance, in this case, we can show you when there’s a Tim Hortons nearby and here is a special offer to get you there,” Pallet said.

Without it, much larger and more concerning questions are raised about who’s looking at our data and why, he continued.

“We’ve seen big examples where intentionally or unintentionally brands have shared that data or it’s been accessed, hacked or lost,” Pallet said.

It was a sentiment echoed by Canada’s privacy commissioner too.

“Geolocation data is incredibly sensitive because it paints such a detailed and revealing picture of our lives,” Therrien said, adding that “the risks related to the collection and use of location information remain high, even when ‘de-identified,’ as it can often be re-identified with relative ease.”